Search criteria
6 vulnerabilities found for 750-362 by WAGO
VAR-201810-1044
Vulnerability from variot - Updated: 2025-06-14 23:05WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field. WAGO 750-881 Ethernet Controller The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. WAGO750-881EthernetControllerdevices is an Ethernet controller device from WAGO, Germany. The remote attacker can use the SNMP_DESC or SNMP_LOC_SNMP_CONT field to inject any web script or HTML. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-1044",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "750-881 ethernet controller devices",
"scope": "eq",
"trust": 1.6,
"vendor": "wago",
"version": "01.09.18\\(13\\)"
},
{
"model": "750-881 ethernet controller devices",
"scope": "eq",
"trust": 1.6,
"vendor": "wago",
"version": "01.08.01\\(10\\)"
},
{
"model": "750-862",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "05"
},
{
"model": "750-891",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "05"
},
{
"model": "750-831",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "14"
},
{
"model": "750-352",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "14"
},
{
"model": "750-363",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "05"
},
{
"model": "750-889",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "14"
},
{
"model": "750-880",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "14"
},
{
"model": "750-823",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "05"
},
{
"model": "750-881",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "14"
},
{
"model": "750-362",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "05"
},
{
"model": "750-852",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "14"
},
{
"model": "750-832",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "05"
},
{
"model": "750-890",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "05"
},
{
"model": "750-881 ethernet controller device",
"scope": "lte",
"trust": 0.8,
"vendor": "wago",
"version": "01.09.18(13)"
},
{
"model": "ethernet controller",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "750-881\u003c=01.09.18(13)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-21245"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011237"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-676"
},
{
"db": "NVD",
"id": "CVE-2018-16210"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:wago_750-881_ethernet_controller_devices_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011237"
}
]
},
"cve": "CVE-2018-16210",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-16210",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-21245",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-126547",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2018-16210",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-16210",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-16210",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-16210",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-21245",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-676",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-126547",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-21245"
},
{
"db": "VULHUB",
"id": "VHN-126547"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011237"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-676"
},
{
"db": "NVD",
"id": "CVE-2018-16210"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field. WAGO 750-881 Ethernet Controller The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. WAGO750-881EthernetControllerdevices is an Ethernet controller device from WAGO, Germany. The remote attacker can use the SNMP_DESC or SNMP_LOC_SNMP_CONT field to inject any web script or HTML. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16210"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011237"
},
{
"db": "CNVD",
"id": "CNVD-2018-21245"
},
{
"db": "VULHUB",
"id": "VHN-126547"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "EXPLOIT-DB",
"id": "45581",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2018-16210",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011237",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-676",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-21245",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-126547",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-21245"
},
{
"db": "VULHUB",
"id": "VHN-126547"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011237"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-676"
},
{
"db": "NVD",
"id": "CVE-2018-16210"
}
]
},
"id": "VAR-201810-1044",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-21245"
},
{
"db": "VULHUB",
"id": "VHN-126547"
}
],
"trust": 1.1798500888888888
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-21245"
}
]
},
"last_update_date": "2025-06-14T23:05:23.850000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://global.wago.com/jp/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011237"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126547"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011237"
},
{
"db": "NVD",
"id": "CVE-2018-16210"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.exploit-db.com/exploits/45581/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16210"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16210"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/45581"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-21245"
},
{
"db": "VULHUB",
"id": "VHN-126547"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011237"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-676"
},
{
"db": "NVD",
"id": "CVE-2018-16210"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-21245"
},
{
"db": "VULHUB",
"id": "VHN-126547"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011237"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-676"
},
{
"db": "NVD",
"id": "CVE-2018-16210"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-21245"
},
{
"date": "2018-10-12T00:00:00",
"db": "VULHUB",
"id": "VHN-126547"
},
{
"date": "2019-01-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011237"
},
{
"date": "2018-10-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-676"
},
{
"date": "2018-10-12T22:15:07.377000",
"db": "NVD",
"id": "CVE-2018-16210"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-21245"
},
{
"date": "2019-05-13T00:00:00",
"db": "VULHUB",
"id": "VHN-126547"
},
{
"date": "2019-01-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011237"
},
{
"date": "2019-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-676"
},
{
"date": "2025-06-13T17:56:26.900000",
"db": "NVD",
"id": "CVE-2018-16210"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-676"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO 750-881 Ethernet Controller Device Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-21245"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011237"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-676"
}
],
"trust": 0.6
}
}
VAR-202009-1557
Vulnerability from variot - Updated: 2024-11-23 22:47Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions. WAGO 750-8XX There is an authentication vulnerability in the series firmware.Information is tampered with and denial of service (DoS) It may be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-1557",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "750-891",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "fw03"
},
{
"model": "750-862",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "fw03"
},
{
"model": "750-363",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "fw03"
},
{
"model": "750-890",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "fw03"
},
{
"model": "750-362",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "fw03"
},
{
"model": "750-823",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "fw03"
},
{
"model": "750-832",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "fw03"
},
{
"model": "750-362",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "750-363",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "750-823",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "750-832",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "750-862",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "750-890",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "750-891",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011993"
},
{
"db": "NVD",
"id": "CVE-2020-12506"
}
]
},
"cve": "CVE-2020-12506",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-12506",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-12506",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-011993",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-12506",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2020-12506",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2020-12506",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-1693",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011993"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1693"
},
{
"db": "NVD",
"id": "CVE-2020-12506"
},
{
"db": "NVD",
"id": "CVE-2020-12506"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper Authentication vulnerability in WAGO 750-8XX series with FW version \u003c= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions. WAGO 750-8XX There is an authentication vulnerability in the series firmware.Information is tampered with and denial of service (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12506"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011993"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT@VDE",
"id": "VDE-2020-028",
"trust": 2.4
},
{
"db": "NVD",
"id": "CVE-2020-12506",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011993",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1693",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011993"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1693"
},
{
"db": "NVD",
"id": "CVE-2020-12506"
}
]
},
"id": "VAR-202009-1557",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.238333332
},
"last_update_date": "2024-11-23T22:47:51.370000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "top page",
"trust": 0.8,
"url": "https://www.wago.co.jp/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011993"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "Improper authentication (CWE-287) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011993"
},
{
"db": "NVD",
"id": "CVE-2020-12506"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://cert.vde.com/en-us/advisories/vde-2020-028"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12506"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011993"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1693"
},
{
"db": "NVD",
"id": "CVE-2020-12506"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011993"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1693"
},
{
"db": "NVD",
"id": "CVE-2020-12506"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-011993"
},
{
"date": "2020-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-1693"
},
{
"date": "2020-09-30T16:15:12.777000",
"db": "NVD",
"id": "CVE-2020-12506"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-21T06:39:00",
"db": "JVNDB",
"id": "JVNDB-2020-011993"
},
{
"date": "2021-11-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-1693"
},
{
"date": "2024-11-21T04:59:49.660000",
"db": "NVD",
"id": "CVE-2020-12506"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-1693"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO\u00a0750-8XX\u00a0 Authentication vulnerabilities in series firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011993"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-1693"
}
],
"trust": 0.6
}
}
VAR-202305-2841
Vulnerability from variot - Updated: 2024-10-02 23:15Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets. 750-363/040-000 firmware, 750-362/040-000 firmware, 750-362/000-001 firmware etc. WAGO The product contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202305-2841",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "750-362\\/040-000",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw11"
},
{
"model": "750-890",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw11"
},
{
"model": "750-364\\/040-010",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw11"
},
{
"model": "750-832\\/000-002",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw11"
},
{
"model": "750-890\\/025-001",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw11"
},
{
"model": "750-890\\/025-000",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw11"
},
{
"model": "750-891",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw11"
},
{
"model": "750-362",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw11"
},
{
"model": "750-862",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw11"
},
{
"model": "750-362\\/000-001",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw11"
},
{
"model": "750-823",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw11"
},
{
"model": "750-890\\/025-002",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw11"
},
{
"model": "750-832",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw11"
},
{
"model": "750-890\\/040-000",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw11"
},
{
"model": "750-363",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw11"
},
{
"model": "750-365\\/040-010",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw11"
},
{
"model": "750-363\\/040-000",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw11"
},
{
"model": "750-893",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw11"
},
{
"model": "750-890/025-002",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "750-363/040-000",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "750-823",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "750-832/000-002",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "750-832",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "750-890/025-001",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "750-862",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "750-890/040-000",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "750-365/040-010",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "750-890",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "750-362/040-000",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "750-362",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "750-893",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "750-891",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "750-364/040-010",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "750-363",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "750-890/025-000",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "750-362/000-001",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-014363"
},
{
"db": "NVD",
"id": "CVE-2023-1150"
}
]
},
"cve": "CVE-2023-1150",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "info@cert.vde.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2023-1150",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2023-014363",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "info@cert.vde.com",
"id": "CVE-2023-1150",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2023-014363",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202305-2735",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-014363"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-2735"
},
{
"db": "NVD",
"id": "CVE-2023-1150"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets. 750-363/040-000 firmware, 750-362/040-000 firmware, 750-362/000-001 firmware etc. WAGO The product contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-1150"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-014363"
},
{
"db": "VULMON",
"id": "CVE-2023-1150"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-1150",
"trust": 3.3
},
{
"db": "CERT@VDE",
"id": "VDE-2023-005",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2023-014363",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202305-2735",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-1150",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-1150"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-014363"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-2735"
},
{
"db": "NVD",
"id": "CVE-2023-1150"
}
]
},
"id": "VAR-202305-2841",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.24722222000000002
},
"last_update_date": "2024-10-02T23:15:32.560000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "wago 750-8xx Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=243000"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-2735"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-772",
"trust": 1.0
},
{
"problemtype": "Resource exhaustion (CWE-400) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-014363"
},
{
"db": "NVD",
"id": "CVE-2023-1150"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://cert.vde.com/en/advisories/vde-2023-005/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-1150"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-1150/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-1150"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-014363"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-2735"
},
{
"db": "NVD",
"id": "CVE-2023-1150"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-1150"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-014363"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-2735"
},
{
"db": "NVD",
"id": "CVE-2023-1150"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-06-26T00:00:00",
"db": "VULMON",
"id": "CVE-2023-1150"
},
{
"date": "2023-12-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-014363"
},
{
"date": "2023-05-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202305-2735"
},
{
"date": "2023-06-26T07:15:08.877000",
"db": "NVD",
"id": "CVE-2023-1150"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-06-26T00:00:00",
"db": "VULMON",
"id": "CVE-2023-1150"
},
{
"date": "2023-12-22T08:18:00",
"db": "JVNDB",
"id": "JVNDB-2023-014363"
},
{
"date": "2023-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202305-2735"
},
{
"date": "2024-10-02T06:15:04.583000",
"db": "NVD",
"id": "CVE-2023-1150"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-2735"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0WAGO\u00a0 Product resource exhaustion vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-014363"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-2735"
}
],
"trust": 0.6
}
}
VAR-202108-0988
Vulnerability from variot - Updated: 2024-08-14 15:11This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07. plural WAGO product There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-0988",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "750-890\\/040-000",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "fw07"
},
{
"model": "750-890\\/025-000",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "fw07"
},
{
"model": "750-823",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "fw07"
},
{
"model": "750-832\\/000-002",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "fw07"
},
{
"model": "750-862",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "fw07"
},
{
"model": "750-362",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "fw07"
},
{
"model": "750-890\\/025-001",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "fw07"
},
{
"model": "750-893",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "fw07"
},
{
"model": "750-832",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "fw07"
},
{
"model": "750-363",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "fw07"
},
{
"model": "750-890\\/025-002",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "fw07"
},
{
"model": "750-891",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "fw07"
},
{
"model": "750-832/000-002",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "750-862",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "750-362",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "750-890/025-001",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "750-890/040-000",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "750-890/025-002",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "750-832",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "750-823",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "750-890/025-000",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "750-363",
"scope": null,
"trust": 0.8,
"vendor": "\u30ef\u30b4\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-011289"
},
{
"db": "NVD",
"id": "CVE-2021-34578"
}
]
},
"cve": "CVE-2021-34578",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-34578",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2021-34578",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "info@cert.vde.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-34578",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-34578",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-34578",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2021-34578",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-34578",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-2776",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-34578",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-34578"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011289"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2776"
},
{
"db": "NVD",
"id": "CVE-2021-34578"
},
{
"db": "NVD",
"id": "CVE-2021-34578"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07. plural WAGO product There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-34578"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011289"
},
{
"db": "VULMON",
"id": "CVE-2021-34578"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-34578",
"trust": 3.3
},
{
"db": "CERT@VDE",
"id": "VDE-2020-044",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011289",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2776",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-34578",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-34578"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011289"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2776"
},
{
"db": "NVD",
"id": "CVE-2021-34578"
}
]
},
"id": "VAR-202108-0988",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.238333332
},
"last_update_date": "2024-08-14T15:11:49.351000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "top page",
"trust": 0.8,
"url": "https://www.wago.co.jp/"
},
{
"title": "WAGO Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=161863"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-011289"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2776"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "Inappropriate authentication (CWE-287) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-011289"
},
{
"db": "NVD",
"id": "CVE-2021-34578"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://cert.vde.com/en-us/advisories/vde-2020-044"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34578"
},
{
"trust": 0.8,
"url": "https://cert.vde.com/en/advisories/vde-2020-044/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-34578"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011289"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2776"
},
{
"db": "NVD",
"id": "CVE-2021-34578"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-34578"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011289"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2776"
},
{
"db": "NVD",
"id": "CVE-2021-34578"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-31T00:00:00",
"db": "VULMON",
"id": "CVE-2021-34578"
},
{
"date": "2022-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-011289"
},
{
"date": "2021-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-2776"
},
{
"date": "2021-08-31T11:15:07.777000",
"db": "NVD",
"id": "CVE-2021-34578"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-08T00:00:00",
"db": "VULMON",
"id": "CVE-2021-34578"
},
{
"date": "2022-07-26T03:25:00",
"db": "JVNDB",
"id": "JVNDB-2021-011289"
},
{
"date": "2021-09-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-2776"
},
{
"date": "2021-09-08T16:02:25.067000",
"db": "NVD",
"id": "CVE-2021-34578"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-2776"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0WAGO\u00a0 product \u00a0 Authentication vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-011289"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-2776"
}
],
"trust": 0.6
}
}
CVE-2020-12506 (GCVE-0-2020-12506)
Vulnerability from nvd – Published: 2020-09-30 15:43 – Updated: 2024-09-17 00:06
VLAI?
Title
WAGO: Authentication Bypass Vulnerability in WAGO 750-36X and WAGO 750-8XX Versions <= FW03
Summary
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions.
Severity ?
9.1 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | 750-362 |
Affected:
unspecified , ≤ FW03
(custom)
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Credits
Maxim Rupp (https://rupp.it) reported this vulnerability to WAGO.
coordinated by CERT@VDE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "750-362",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW03",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "750-363",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW03",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "750-823",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW03",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "750-832/xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW03",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "750-862",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW03",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "750-891",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW03",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "750-890/xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW03",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Maxim Rupp (https://rupp.it) reported this vulnerability to WAGO."
},
{
"lang": "en",
"value": "coordinated by CERT@VDE"
}
],
"datePublic": "2020-09-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication vulnerability in WAGO 750-8XX series with FW version \u003c= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-10T11:22:01.000Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-028"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade devices to the latest standard firmware (\u003e FW03)."
}
],
"source": {
"advisory": "vde-2020-028",
"defect": [
"vde-2020-028"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: Authentication Bypass Vulnerability in WAGO 750-36X and WAGO 750-8XX Versions \u003c= FW03",
"workarounds": [
{
"lang": "en",
"value": "Restrict network access to the device.\nDo not directly connect the device to the internet.\nDisable unused TCP/UDP ports.\nDisable web-based management ports 80/443 after the configuration phase"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2020-09-29T22:00:00.000Z",
"ID": "CVE-2020-12506",
"STATE": "PUBLIC",
"TITLE": "WAGO: Authentication Bypass Vulnerability in WAGO 750-36X and WAGO 750-8XX Versions \u003c= FW03"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "750-362",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW03"
}
]
}
},
{
"product_name": "750-363",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW03"
}
]
}
},
{
"product_name": "750-823",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW03"
}
]
}
},
{
"product_name": "750-832/xxx-xxx",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW03"
}
]
}
},
{
"product_name": "750-862",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW03"
}
]
}
},
{
"product_name": "750-891",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW03"
}
]
}
},
{
"product_name": "750-890/xxx-xxx",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW03"
}
]
}
}
]
},
"vendor_name": "WAGO"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Maxim Rupp (https://rupp.it) reported this vulnerability to WAGO."
},
{
"lang": "eng",
"value": "coordinated by CERT@VDE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Authentication vulnerability in WAGO 750-8XX series with FW version \u003c= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2020-028",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2020-028"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade devices to the latest standard firmware (\u003e FW03)."
}
],
"source": {
"advisory": "vde-2020-028",
"defect": [
"vde-2020-028"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Restrict network access to the device.\nDo not directly connect the device to the internet.\nDisable unused TCP/UDP ports.\nDisable web-based management ports 80/443 after the configuration phase"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2020-12506",
"datePublished": "2020-09-30T15:43:20.405Z",
"dateReserved": "2020-04-30T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:06:46.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12506 (GCVE-0-2020-12506)
Vulnerability from cvelistv5 – Published: 2020-09-30 15:43 – Updated: 2024-09-17 00:06
VLAI?
Title
WAGO: Authentication Bypass Vulnerability in WAGO 750-36X and WAGO 750-8XX Versions <= FW03
Summary
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions.
Severity ?
9.1 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | 750-362 |
Affected:
unspecified , ≤ FW03
(custom)
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Credits
Maxim Rupp (https://rupp.it) reported this vulnerability to WAGO.
coordinated by CERT@VDE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "750-362",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW03",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "750-363",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW03",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "750-823",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW03",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "750-832/xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW03",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "750-862",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW03",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "750-891",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW03",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "750-890/xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW03",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Maxim Rupp (https://rupp.it) reported this vulnerability to WAGO."
},
{
"lang": "en",
"value": "coordinated by CERT@VDE"
}
],
"datePublic": "2020-09-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication vulnerability in WAGO 750-8XX series with FW version \u003c= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-10T11:22:01.000Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-028"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade devices to the latest standard firmware (\u003e FW03)."
}
],
"source": {
"advisory": "vde-2020-028",
"defect": [
"vde-2020-028"
],
"discovery": "EXTERNAL"
},
"title": "WAGO: Authentication Bypass Vulnerability in WAGO 750-36X and WAGO 750-8XX Versions \u003c= FW03",
"workarounds": [
{
"lang": "en",
"value": "Restrict network access to the device.\nDo not directly connect the device to the internet.\nDisable unused TCP/UDP ports.\nDisable web-based management ports 80/443 after the configuration phase"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2020-09-29T22:00:00.000Z",
"ID": "CVE-2020-12506",
"STATE": "PUBLIC",
"TITLE": "WAGO: Authentication Bypass Vulnerability in WAGO 750-36X and WAGO 750-8XX Versions \u003c= FW03"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "750-362",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW03"
}
]
}
},
{
"product_name": "750-363",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW03"
}
]
}
},
{
"product_name": "750-823",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW03"
}
]
}
},
{
"product_name": "750-832/xxx-xxx",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW03"
}
]
}
},
{
"product_name": "750-862",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW03"
}
]
}
},
{
"product_name": "750-891",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW03"
}
]
}
},
{
"product_name": "750-890/xxx-xxx",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "FW03"
}
]
}
}
]
},
"vendor_name": "WAGO"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Maxim Rupp (https://rupp.it) reported this vulnerability to WAGO."
},
{
"lang": "eng",
"value": "coordinated by CERT@VDE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Authentication vulnerability in WAGO 750-8XX series with FW version \u003c= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2020-028",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2020-028"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade devices to the latest standard firmware (\u003e FW03)."
}
],
"source": {
"advisory": "vde-2020-028",
"defect": [
"vde-2020-028"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Restrict network access to the device.\nDo not directly connect the device to the internet.\nDisable unused TCP/UDP ports.\nDisable web-based management ports 80/443 after the configuration phase"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2020-12506",
"datePublished": "2020-09-30T15:43:20.405Z",
"dateReserved": "2020-04-30T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:06:46.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}